Exporting Certificates using CertUtil

There are many instances where you need to move a server to a new hardware. What you will carry from the old server to the new one will vary; you need to plan according to the server role in order to create your own checklist. Recently I had to move my own TMG Server to a new hardware (in this case a new VM) and I decided to install all over again and just import the rules. In a scenario with TMG, besides the core configuration (XML Backup) you also need to consider the certificates that are in use. As I only have a couple of certificates, there was no big deal, I just opened MMC and exported those certs. However, there are scenarios where you have a great amount of certificates and the process of exporting one by one can get quiet tedious.

But, you can use certutil to automate that. The first step in this procedure is to identity the certificate’s thumbprint (or serial number – depends on the approach in use). To do that you can use the PowerShell commands below:

i was wondering if you could help me out. i was trying to use certutil to dump a list of all issued certs on a CA. however i am not getting the parameters correct. this just posts on what the certutil command does.

My server got it's certificate from a CA server, no problem. Now I need to use that certificate to configure a digital sender device. I just need to export a computer's certificate (public key only + complete chain) from my server (not a CA server). I
can already do this through the certificate's double-click GUI with no problem, but I want to script it so I can do it from all of my servers centrally. How can I do this with certutil.exe, PowerShell, or some other native windows tool that can be scripted?
I'm not asking for a complete script (I can write the rest). I just need the one command that will export the certificate from the server (not the CA) to a p7b file. Great info here, BTW.